Date: Wed, 08 Sep 1999 01:45:17 -0700
From: dmp@aracnet.com
To: "Sergey S. Kosyakov" <ks@chg.ru>
Cc: freebsd-security@FreeBSD.ORG, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Subject: Re: Layer 2 ethernet encryption?
Message-ID: <37D6221D.82C57D6B@aracnet.com>
References: <XFMail.990908104147.ks@chg.ru>

"Sergey S. Kosyakov" wrote:
>> Short of winning a significant lottery, it would be economically
>> impossible to move the network to fibre, there's too many nodes to
>> upgrade.
>
> Security was always expensive :-) More security, more expenses.

True, but the resources needed for the upgrade are well beyond our means.

>> The network currently can't be segmented any more than it is without
>> breaking its applications.
>
> 1. I don't understand. What do you mean "breaking its applications".

The applications we run would cease to work properly if the network was
segmented any more than it already is.

> 2. Do you think about huge CPU load on each host in the case of "too many
> nodes"? In the case of layer2 encryption each host must decrypt each packet in
> the segment, or at least each packet header.

CPU power isn't a concern. Encryption would be handled by the cypher chip,
not the CPU, and the MAC address wouldn't be encrypted. The cypher encrypts
layers 3 and up.